Friday , 24 November 2017
Home » NEWS » TOP 10 STORIES » Another reason to hate Excel: its Macros can help pivot attacks

Another reason to hate Excel: its Macros can help pivot attacks

A white-hat has taken a good look at whether you can pivot an attack from one machine to others using Microsoft Excel, and you probably won’t like what he found. The researcher, Matt Nelson of SpecterOps (@enigma0x3) writes that he’s found loose default launch and access permissions, meaning a macro-based attack doesn’t need to interact with the victim. The nutshell version is this: Excel.Application is exposed via DCOM; it has no explicit launch or access permissions set; since the attacker would have to find some other means for the initial compromise, Microsoft Office Macro security won’t stop the pivot; and Excel.Application can be launched (and interacted with) remotely.

View Full Story

ORIGINAL SOURCE: The Register

About Dean Alvarez

Dean is Features Editor at IT Security Guru. Aside from cyber security and all things tech, Dean's interests include wine tasting, roller blading and playing the oboe in his Christian rock band, Noughts & Crosses.

You can reach Dean via email - dean@itsecurityguru.org